Information Technology enables many new and creative ways that are used and maybe used to spoof a secure web page from a bank server and that each and every part of a web page can be faked. Many hacker techniques can impersonate a web page as coming from the secure server. For example they can impersonate a web page to look exactly like a bank's real web page in all respects by copying the images and design layout of the bank's web page including impersonating the name of the web server that is displayed on the address section in the web page.
The customer then, has no clue if the web page in which they are about to enter their personal online banking identity data indeed did originate from the bank server. For this security issue, the industry has coined the term ‘phishing”, like to imply fishing for and stealing online bank identity. The industry has seen that the phishing scams are ever growing and ever so sophisticated by being automated that they had to form an anti-phishing organization to measure the extent of the problem.
Given the nature of today's threats, one cannot really be sure that the secure page with a lock at the bottom did come from the secure server of bank and the data being entered is going to the bank server and not to hackers. A person has no frame of reference to verify the web page authentication other than the address block in the browser, which address may be faked.
In light of the above, it is an objective of the present invention to have a system and method that enables a user to authenticate a secure web server before supplying his/her personal information to the secure server via the web page.